The unpredictable career of a high-flying exec

Val Rahmani, CEO of Damballa

Val Rahmani’s career path is almost as difficult to follow as a plane barrel-rolling and humpty-bumping during an air show. Though she’s now the CEO of Damballa, a startup that protects companies like Comcast from nasty online hackers and bots, Rahmani wasn’t always so sure where she was headed. Hailing from England, she came to the States in the mid-90s to work as Lou Gerstner’s executive assistant at IBM.

From there, Rahmani became a bit of an entrepreneur within the corporation. She managed team after team, focusing on new frontiers like open systems (then back to mainframes), global wireless, and the company’s UNIX server software business. After overseeing IBM’s IBM $1.3 billion acquisition of Internet Security Systems, Rahmani became the general manager of that department — only to leave two years later for Damballa. Under her leadership, the startup secured $12 million in funding last February.

This all seems humdrum compared to Rahmani’s extracurriculars: She’s taking “rap dance” lessons, she’s a skilled ice dancer, and she’s a member of the British Aerobatic Team. Much like her career, Rahmani loves the excitement that accompanies a challenge. “I often find myself taking risky things and making them as safe as possible,” she says. Here, Rahmani tells Fortune about her personal career path and her take on risk.

Fortune: You’ve jumped around quite a bit, getting a PhD in chemistry from Oxford and ending up as an engineer and then in sales at IBM. What came next?

Rahmani: I was on a ski vacation in the U.S. while I was heading the Unix business in England and I got a call from my boss saying, “Can you reroute from Breckenridge to New York? We want you to interview to be executive assistant to Lou Gerstner.” I’m like, “Oh really? But I like what I’m doing!” But, Lou had been there a couple of years and who turns down working for Lou Gerstner, when the whole world was talking about him? I interviewed with him on a Thursday and he said, “When will you start?” I started the following Monday.

You eventually moved back to Europe to run IBM’s mainframe division. How was the transition?

I must have been 40 and this is about 95% over 50-year old males. So I’ve got these 300 people in front of me and they’re all 50-year old males. And they must have wondered what was going on. I stood up and said, “We’re going to reinvent mainframe. Mainframe’s going to be the cool thing again. And you could see half of them thinking this is amazing and the other half going, “Oh my god, I’ve got to get out of here. She’s smoking something.” But I was in charge, so they all had no choice but to listen to me.

Later on, you headed IBM’s Unix division, a $3.5 billion business. Has your management style changed over the years? If so, how?

What I’ve always done — and I’d been criticized for it every year [at IBM] — I’ve always looked more at the people below me than the people above me. The people below you know how to do what they’re doing. What they need is guidance, direction, a clear vision, and they need to know where their piece fits into that and why they’re making a difference. The successful leaders I’ve seen are those who actually listen to the people who work for them who are really the experts, rather than playing politics at the top. It’s more fun that way.

You left IBM in 2010 to become the CEO of an Internet security startup. What’s the online criminal culture like?

There’s different levels of online criminals, as there are in any crime. There’s the low-level guys, who go after credit card numbers and personal information and passwords. They’re like the drug dealer on the street corner if you will. They get paid 30 cents for every machine they infect in the U.S. and 10 for every one they infect in Europe and 5 in Asia.

Then a different set of criminals take over and see what they can steal off of those machines. They sell credit cards, passwords, personal information on the web. So there are websites where there are bank accounts available for sale. You know, X Euros per bank account.

And then there are the senior criminals who know exactly what they want, who will take those same infected machines and just take the ones they really want. They’ll buy these machines on the web from the “owner,” and you’ll get a criminal who truly wants, you know … M&A data from lawyers. They’ve got very specific things in mind that they want to go and get. And then you get state-sponsored data — probably not the ratio you see in the press — but we see state-sponsored data going out to China and other countries.

You got your pilot’s license almost 20 years ago, and eventually got into aerobatic flying. What were the early days like?

I was living in White Plains and a friend said there’s this great aerobatic pilot close by. I had my flying license, but maybe about 8 hours of aerobatics, maybe 10, which is nothing. So I get out to this little old airfield in the middle of nowhere in New Jersey and there’s an old guy shuffling around and I go, “Hi, I’ve been told to look for Jim Cheedning.” And he goes, “That would be me.” The guy is too old, he can barely strap into the plane. As it turns out, he’s a great aerobatic pilot. I flew with him probably every other weekend for a year or so.

What does it feel like when you’re up in the air?

You just have to have the guts to do what’s called negatives [accelerating downward]. The real difference in intermediate and unlimited levels is positive feels kind of okay, negative is where you’re pushing, your eyes feel like they’re coming out your head. That’s the bit that’s horrible, and that’s the difference of going up to unlimited. You see stars.

Leaving IBM for a small startup, fighting online criminals daily, and doing flips in the sky. It all seems a bit risky.

I don’t take risks. I work really hard to minimize risk in everything I do. So it sounds like we’re taking a risk, but we work really hard to pre-flight the plane, make sure it’s safe, to fly over a runway, in the same way as I make sure my team changes their passwords and keeps everything we do safe. And I make sure my customers understand how to keep safe.

I think my whole life is about trying to take the risk out of risky things, if that makes sense. I’m constantly putting myself in risky situations — and trying to make them safe. I’m sure what I do does have some amount of risk, but not a lot, I don’t think.

Editor’s note: A previous version of this story incorrectly spelled flight instructor Jim Cheedning’s last name.

Val Rahmani’s career path is almost as difficult to follow as a plane barrel-rolling and humpty-bumping during an air show. Though she’s now the CEO of Damballa, a startup that protects companies like Comcast from nasty online hackers and bots, Rahmani wasn’t always so sure where she was headed. Hailing from England, she came to the States in the mid-90s to work as Lou Gerstner’s executive assistant at IBM.

From there, Rahmani became a bit of an entrepreneur within the corporation. She managed team after team, focusing on new frontiers like open systems (then back to mainframes), global wireless, and the company’s UNIX server software business. After overseeing IBM’s IBM $1.3 billion acquisition of Internet Security Systems, Rahmani became the general manager of that department — only to leave two years later for Damballa. Under her leadership, the startup secured $12 million in funding last February.

This all seems humdrum compared to Rahmani’s extracurriculars: She’s taking “rap dance” lessons, she’s a skilled ice dancer, and she’s a member of the British Aerobatic Team. Much like her career, Rahmani loves the excitement that accompanies a challenge. “I often find myself taking risky things and making them as safe as possible,” she says. Here, Rahmani tells Fortune about her personal career path and her take on risk.

Fortune: You’ve jumped around quite a bit, getting a PhD in chemistry from Oxford and ending up as an engineer and then in sales at IBM. What came next?

Rahmani: I was on a ski vacation in the U.S. while I was heading the Unix business in England and I got a call from my boss saying, “Can you reroute from Breckenridge to New York? We want you to interview to be executive assistant to Lou Gerstner.” I’m like, “Oh really? But I like what I’m doing!” But, Lou had been there a couple of years and who turns down working for Lou Gerstner, when the whole world was talking about him? I interviewed with him on a Thursday and he said, “When will you start?” I started the following Monday.

You eventually moved back to Europe to run IBM’s mainframe division. How was the transition?

I must have been 40 and this is about 95% over 50-year old males. So I’ve got these 300 people in front of me and they’re all 50-year old males. And they must have wondered what was going on. I stood up and said, “We’re going to reinvent mainframe. Mainframe’s going to be the cool thing again. And you could see half of them thinking this is amazing and the other half going, “Oh my god, I’ve got to get out of here. She’s smoking something.” But I was in charge, so they all had no choice but to listen to me.

Later on, you headed IBM’s Unix division, a $3.5 billion business. Has your management style changed over the years? If so, how?

What I’ve always done — and I’d been criticized for it every year [at IBM] — I’ve always looked more at the people below me than the people above me. The people below you know how to do what they’re doing. What they need is guidance, direction, a clear vision, and they need to know where their piece fits into that and why they’re making a difference. The successful leaders I’ve seen are those who actually listen to the people who work for them who are really the experts, rather than playing politics at the top. It’s more fun that way.

You left IBM in 2010 to become the CEO of an Internet security startup. What’s the online criminal culture like?

There’s different levels of online criminals, as there are in any crime. There’s the low-level guys, who go after credit card numbers and personal information and passwords. They’re like the drug dealer on the street corner if you will. They get paid 30 cents for every machine they infect in the U.S. and 10 for every one they infect in Europe and 5 in Asia.

Then a different set of criminals take over and see what they can steal off of those machines. They sell credit cards, passwords, personal information on the web. So there are websites where there are bank accounts available for sale. You know, X Euros per bank account.

And then there are the senior criminals who know exactly what they want, who will take those same infected machines and just take the ones they really want. They’ll buy these machines on the web from the “owner,” and you’ll get a criminal who truly wants, you know … M&A data from lawyers. They’ve got very specific things in mind that they want to go and get. And then you get state-sponsored data — probably not the ratio you see in the press — but we see state-sponsored data going out to China and other countries.

You got your pilot’s license almost 20 years ago, and eventually got into aerobatic flying. What were the early days like?

I was living in White Plains and a friend said there’s this great aerobatic pilot close by. I had my flying license, but maybe about 8 hours of aerobatics, maybe 10, which is nothing. So I get out to this little old airfield in the middle of nowhere in New Jersey and there’s an old guy shuffling around and I go, “Hi, I’ve been told to look for Jim Cheedning.” And he goes, “That would be me.” The guy is too old, he can barely strap into the plane. As it turns out, he’s a great aerobatic pilot. I flew with him probably every other weekend for a year or so.

What does it feel like when you’re up in the air?

You just have to have the guts to do what’s called negatives [accelerating downward]. The real difference in intermediate and unlimited levels is positive feels kind of okay, negative is where you’re pushing, your eyes feel like they’re coming out your head. That’s the bit that’s horrible, and that’s the difference of going up to unlimited. You see stars.

Leaving IBM for a small startup, fighting online criminals daily, and doing flips in the sky. It all seems a bit risky.

I don’t take risks. I work really hard to minimize risk in everything I do. So it sounds like we’re taking a risk, but we work really hard to pre-flight the plane, make sure it’s safe, to fly over a runway, in the same way as I make sure my team changes their passwords and keeps everything we do safe. And I make sure my customers understand how to keep safe.

I think my whole life is about trying to take the risk out of risky things, if that makes sense. I’m constantly putting myself in risky situations — and trying to make them safe. I’m sure what I do does have some amount of risk, but not a lot, I don’t think.

Editor’s note: A previous version of this story incorrectly spelled flight instructor Jim Cheedning’s last name.